Privacy Policy

Introduction

drammr is a mobile application that helps you create sensory profiles for your favourite spirits. This Privacy Policy explains how Marshall Spirits, Ltd. ("we", "us", or "our") collects, uses, and protects your personal data when you use the drammr app. We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (GDPR).

Data Controller

Marshall Spirits, Ltd. is the data controller responsible for your personal data.

Company: Marshall Spirits, Ltd.

Contact: support@drammr.com

Data We Collect

We collect the following categories of personal data:

Account Data

Email address (for account recovery and notifications)
Display name (your public username)
Bio (optional profile description)
Profile photo (optional)
Website URL (optional)

Content Data

Drams (your tasting notes, flavour profiles, and ratings)
Collections (collection names, descriptions, optional photos, dates, privacy settings, and optional collection locations, including Google place references or approximate coordinate centre points and radii)
Photos attached to your drams
Comments on other users' drams
Feedback and support requests you submit

Social Data

Follow relationships (who you follow and who follows you)
Likes on drams

Technical Data

Device tokens (for push notifications, with your consent)
App preferences (theme, locale)
Device location, only when you ask for nearby or current-location suggestions while adding an optional location to a collection. Current device coordinates may be sent transiently to our backend and Google Places to return suggestions. If you save an approximate coordinate collection location, the stored location is an approximate centre point and selected radius.
Crash reports and error logs (with your consent, including technical diagnostics, pseudonymised account identifiers, and identifiers for app records involved in the error)

Legal Basis for Processing

We process your personal data on the following legal bases:

Contract Performance: Processing necessary to provide the drammr service, including account creation, storing your drams, and enabling social features.
Legitimate Interest: Processing for app improvement, security, content moderation, and fraud prevention.
Consent: Processing for crash reporting, optional device-location access for collection-location suggestions, and approximate coordinate storage when you explicitly save an approximate coordinate location to a collection. Crash reports may include technical diagnostics, a pseudonymised account identifier, and identifiers for app records involved in the error. You can withdraw crash-reporting consent in app settings and location permission in your device settings.

How We Use Your Data

Provide core app features (creating drams and collections, optional collection location selection, commenting, following)
Send push notifications about activity on your content
Moderate content to ensure community guidelines are followed
Respond to support requests and feedback
Protect against fraud, abuse, and security threats

Data Sharing

We share your data with the following third-party service providers who help us operate the app. All providers are bound by data processing agreements.

Google Firebase / Google Cloud

Infrastructure provider for data storage, authentication, cloud functions, and Firebase Crashlytics crash reporting. With your consent, crash reports may include technical diagnostics, a pseudonymised account identifier, and identifiers for app records involved in the error. Firestore data is stored in the UK. Cloud Functions execute in the US. Subject to Google Cloud Data Processing Agreement.

Cloudflare

Email delivery for administrative notifications (e.g., data export links). Receives email addresses for delivery purposes only. Subject to Cloudflare DPA.

Google Natural Language API

Content moderation service. User-generated text (dram notes, comments, bios) is analysed for inappropriate content. Text is processed transiently and not stored by Google. Subject to Google Cloud DPA.

Google Places API

Collection location search and details provider. Search text, selected Google place IDs, and optional current device coordinates for nearby suggestions are sent to Google to return place results. We store selected Google place IDs for Google-backed collection locations. We do not store Google place names, addresses, or raw Google Places responses. Coordinates are stored only when you explicitly save an approximate coordinate collection location, as an approximate centre point and selected radius.

Data Retention

We retain your data for the following periods:

Account data: Retained while your account is active. Deleted upon account deletion request.
Collection locations: Google place IDs or approximate centre points and radii are retained with the collection until you remove the location, delete the collection, or delete your account.
Notifications: Automatically deleted after 90 days
Moderation records (approved content): Deleted after 30 days
Moderation records (rejected content): Retained for 1 year for appeals
Backups: Retained for 30 days, then automatically deleted
Data export files: Available for download for 7 days, then deleted

Your Rights

Under UK GDPR and EU GDPR, you have the following rights:

Right of Access: You can request a copy of your personal data using the data export feature in the app settings.
Right to Rectification: You can update your profile information directly in the app.
Right to Erasure: You can delete your account in the app's privacy settings. Your personal data will be deleted and your content anonymised.
Right to Data Portability: You can export your data in JSON format using the data export feature in the app settings.
Right to Withdraw Consent: You can withdraw consent for crash reporting in the app settings and revoke location permission in your device settings.

To exercise any of these rights, use the relevant features in the app or contact us at support@drammr.com.

Note: Data export requests are limited to once every 30 days, as permitted by GDPR Article 12(5) regarding excessive requests.

Age Restriction

drammr is intended for users aged 18 and over. The app relates to alcoholic beverages and is not intended for use by minors. We do not knowingly collect personal data from anyone under 18. If you believe we have collected data from someone under 18, please contact us immediately at support@drammr.com.

Cookies and Tracking

The drammr mobile app does not use cookies. If you visit our website, we use only essential cookies required for site functionality. We do not use third-party advertising or tracking cookies.

International Data Transfers

Your data is primarily stored in the UK. Some processing occurs in the United States, including Cloud Functions and third-party processors (Cloudflare and Google Places). These transfers are protected by Standard Contractual Clauses and the EU-US Data Privacy Framework where applicable.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you through the app and request your acknowledgment of the updated policy before continuing to use the service.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

support@drammr.com

Version 1.3.0

© 2026 drammr. All rights reserved.